High Severity

lunary

Improper Access Control in Template Version Retrieval

An Insecure Direct Object Reference (IDOR) vulnerability in lunary-ai/lunary allows unauthorized viewing of any project prompts by supplying a prompt ID. This issue affects version 1.2.2 and was patched in version 1.2.25.

Available publicly on May 20 2024

7.5

CVE:

CVE-2024-5131

CWE:

284:Improper Access Control

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit:

fewword
AssessDetect

Premium

Remediate
Remediation Steps
  • Update to version 1.2.25 or later.
  • Implement proper authorization checks to ensure that a user requesting prompt details is authorized to view the prompt associated with the supplied ID.
  • Regularly audit and review code for potential IDOR vulnerabilities.
  • Consider implementing rate limiting and logging to detect and mitigate brute-force attempts to guess prompt IDs.
Patch Details
  • Fixed Version: 1.2.25
  • Patch Commit: https://github.com/lunary-ai/lunary/commit/ddfd497afd017a6946c582a1a806687fdac888bf
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 291 related security advisories that are available with Sightline Premium.

Sightline logo
About Protect AIPrivacy PolicyTerms of Service
© 2024 Protect AI, Inc.
Slack iconLinkedIn iconYoutube iconX icon